Git"git config --global user.name"为什么存在该选项? [英] Git "git config --global user.name" why does this option exist?
问题描述
Git初学者警报! 我有一个基本的问题,为什么GIT允许用户将用户名更改为配置选项
Git Beginner Alert! I have a basic question as to WHY does GIT allow one to change the user name as a config option
git config --global user.name trojan
此选项是否不使提交者冒充历史记录/日志并造成混乱?为什么不像从用于连接GIT的凭据中获取用户名那样简单?
Doesn't this option up the gate for committers to impersonate and create confusion in the history/logs? Why isn't it as simple as take the username from the credentials that are used to connect with GIT?
推荐答案
- 如 Greg在注释,只能在纯推送工作流程中使用.还有许多其他功能,包括纯拉,电子邮件,
git bundle或这些的任意组合. - 由于技术原因它不能完全退出工作:提交的身份是该提交完整内容(包括提交的
author和committer字段)的加密校验和.这些必须在创建提交时分配,并且一旦分配就不能更改:要更改"提交的任何部分,请将其复制到新的提交对象,该对象将获得新的提交哈希,仅如果逐位相同,则与原始提交相同.换句话说,我可以通过逐位复制提交内容(包括所有源,日志消息,时间戳等)来模拟您.但是要做到这一点,我必须获取您的提交,之后我的副本就是您的提交.在这种情况下,它 是您的提交,并且应该上面写上您的名字! - 通常有充分的理由将公开的身份(用户名和电子邮件)与任何身份验证凭据分开:例如,我用于向GitHub进行身份验证的凭据与我用于向其他位置进行身份验证的凭据不同.但是我仍然是同一个人.可以添加一个间接级别-我使用凭据 A 进行身份验证,然后该站点将 A 映射到 B 以获取我的名字(并在实际上GitHub就是通过ssh做到这一点的,因为一个以"
git@github.com"身份登录),但是这一切将所有权力交到了网站上.这与设计哲学背道而驰.
- As Greg notes in a comment, that can only work in a pure-push workflow. There are many others, including pure-pull, email,
git bundle, or any mix of these. - It can't quite work for technical reasons: the identity of a commit is a cryptographic checksum of the complete contents of that commit, including the commit's
authorandcommitterfields. These must be assigned at the time the commit is created, and once assigned, can never be changed: to "change" any part of a commit, you copy it to a new commit object, which gets a new commit hash, which is only identical to the original commit if it's bit-for-bit identical. In other words, I can impersonate you by copying your commit bit-for-bit, including all the source, the log message, the time stamps, and so on. But to do that I have to get your commit, after which my copy is just your commit. In which case, it is your commit, and it should have your name on it! - There are often good reasons to separate the exposed identity (user name and email) from any authentication credentials: for instance, the credentials I use to authenticate to GitHub are different from those I use to authenticate to other locations. Yet I am still the same person. One could add a level of indirection—I authenticate using credentials A, and then the site maps A to B to get my name (and in fact GitHub does just that with ssh since one "logs in" as
git@github.com)—but that puts all the power in the hands of the site. That's contrary to the design philosophy.
您是否希望建立某些特定提交的真实性-例如,您获得ID为99154acf3ba...或类似的提交,并且声称由Linus Torvalds或Bill Gates创作或巴拉克·奥巴马(Barack Obama)或其他任何东西-Git提供了使用某些外部身份验证服务的能力,例如PGP,该服务使用数字签名及其所有复杂性(包括其中有些对Git有所影响.
Should you wish to establish the authenticity of some particular commit—e.g., you obtain a commit whose ID is 99154acf3ba... or some such, and it claims to be authored by Linus Torvalds or Bill Gates or Barack Obama or whatever—Git provides the ability to use some external authentication service, such as PGP, that uses digital signatures and all their complexities (including both Chain of Trust and revocation). This particular field has, shall we say, some ongoing developments, some of which affect Git somewhat.
(通过GPG 进行的PGP身份验证内置在Git中,但由外部程序完成.这里特别明显的缺点是,签名的标签或提交仅验证一个标签或提交本身.进一步的身份验证取决于关于 Merkle树的安全性,而相当并未受到损害有关Git使用SHA-1的信息,但令人怀疑:请参阅链接的StackOverflow问题.)
(PGP authentication via GPG is built in to Git but done by external programs. The particularly glaring weakness here is that a signed tag or commit verifies only the one tag or commit itself. Further authentication depends on the security of the Merkle tree, which is not quite compromised for Git's usage of SHA-1 yet, but is getting suspect: see linked StackOverflow question.)
这篇关于Git"git config --global user.name"为什么存在该选项?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
